Getting started

The trusted platform module (TPM) found on SNS firewalls offers hardware storage that increases the security of certificates stored on the SNS firewall.

The TPM-based security mechanism applies to some certificates, depending on the version installed on the SNS firewall.

This technical note explains how to initialize and configure the TPM on an SNS firewall, how to protect the private key of SNS firewall certificates with the TPM, and how to use these certificates in the configuration of an SNS firewall.

 

Date Description
May 6, 2025
  • New requirement regarding the activation of the Secure Boot feature added in the "Requirements" section
  • Information on the TPM administration password, symmetric key, PCRs, and TPM sealing added in the "How it works" section
  • Content relating to TPM initialization updated, and now has its own separate section in the document
  • Information regarding the verification of TPM status and TPM sealing added in the section "Managing the TPM on SNS firewalls"
  • Clarification regarding the verification of protection on a certificate's private key added in the section "Protecting private keys of certificates on SNS firewalls"
  • Clarification regarding the use of a backup certificate for the web administration interface added in the section "Using certificates with TPM-protected private keys"

  • Clarification regarding the calculation of the high availability quality factor when the Secure Boot feature is enabled added in the section "Explanations on usage when the TPM is initialized"

  • Contents of the "Troubleshooting" section enriched
December 13, 2024
  • Clarifications added regarding the initialization of the TPM in a high availability cluster
February 13, 2024
  • Explanations regarding PCRs added to the section "Protecting private keys in firewall certificates with symmetric keys"
  • Changes to the description of the TPM orange status in the section "Checking whether the TPM is initialized"
  • Explanations on resetting the TPM added to the section "If you have forgotten the TPM password"
  • Explanation on the force=on token reworded in the section "Disabling the TPM"
  • The example <CN> changed to <CERTNAME> in the sections "Protecting the private key of a certificate that has already been added" and "Checking whether the private key in the SNS firewall's certificate is protected"
  • Information regarding the certification authority reworded in the "SSL VPN" section
  • Important information regarding the use of protected private keys added to the section "Communications with the SMC server"
  • Explanations on protecting the backup file with a password added to the section "Backing up a configuration"
January 18, 2024
  • New document